From fcb0212200fb13d460cc17d7e0818d7e231adb2a Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Nov 11 2021 18:12:02 +0000
Subject: Reject a certificate with an empty NSS nickname


It technically wasn't NULL initially, it was "", so wasn't being
caught in the NULL check. The value stored was "" which was treated
as NULL when re-read so the request would eventually lead to a
SEGFAULT by doing a strcmp.

https://bugzilla.redhat.com/show_bug.cgi?id=1995681

Signed-off-by: Rob Crittenden <rcritten@redhat.com>

---

diff --git a/src/tdbush.c b/src/tdbush.c
index 1c74a4d..b573922 100644
--- a/src/tdbush.c
+++ b/src/tdbush.c
@@ -616,7 +616,7 @@ base_add_request(DBusConnection *conn, DBusMessage *msg,
 							  CM_DBUS_PROP_CERT_LOCATION_NICKNAME,
 							  cm_tdbusm_dict_s);
 		}
-		if (param == NULL) {
+		if (param == NULL || param->value.s == NULL || strlen(param->value.s) == 0) {
 			cm_log(1, "Certificate nickname not specified.\n");
 			talloc_free(parent);
 			return send_internal_base_missing_arg_error(conn, msg,